When the Titanic set sail, the binoculars for the look-out in the crows-nest were not accessible as they were locked in a cupboard, the knowledge of which and the key was with an officer who was replaced just before sailing. Secure storage was a good control to avoid them being lost, but maybe not fully thought through.
This meant that although only one control failed to operate as designed – the full process for the use of binoculars could not be achieved as they could not be accessed. The knock on effect was that a second control could only operate in a restricted manner as the distance over which the look-out could see was reduced.
The first issue here is that controls must be checked to ensure that they operate as designed. This is the purpose of internal audit.
A second consideration is whether the design is correct such that the objective is likely to be met. The purpose of the look-out is to see what is coming. Of course, at night which is when the Titanic hit the iceberg, the effectiveness of the design of this control must be questioned.
Fortunately for the Titanic, there was another control enabling matters on the horizon to be identified regardless of the time of day. Although in its infancy, the Titanic had a Marconi telegraph and this enabled other ships to communicate with the Titanic and advise of the presence of icebergs.
The telegraph was, however, being used to communicate passengers’ messages and any information of navigational significance was not being passed effectively to the bridge. The issue this highlights is the importance of a proper and effective flow of information to those who need that information and the ability to identify the critical information.
This is particularly pertinent as the information provided to trustees can often be substantial and although all of it is correct, the challenge must be whether the volume makes it difficult to identify the critical issues.
An exercise to identify the key information flows and the linkage of these to the core objectives of the trustees would most likely make the trustees’ role easier.
In the current environment trustees should be considering their approach to risk management, controls and the robustness of processes. As well as publishing articles in our newsletter, we can either run workshops with you on an individual basis or perform some remote analytics which, whilst requiring only a small investment of your time, can provide valuable information for your consideration.
I hope you enjoyed reading this blog. Read part 4 here.